TP-Link has released urgent firmware updates for its Archer BE230 Wi-Fi 7 routers to address multiple high-severity security flaws.
These vulnerabilities could allow authenticated attackers to execute arbitrary operating system (OS) commands, effectively granting them complete administrative control over the device.
The vulnerabilities affect the Archer BE230 v1.2 model running firmware versions before 1.2.4 Build 20251218 rel.70420.
The flaws span various system components, including VPN modules, cloud communication services, and configuration backup functions.
TP-Link OS Command Injection Vulnerability
The core issue across all reported CVEs is OS Command Injection. This type of vulnerability occurs when an application passes unsafe user-supplied data (such as form data, cookies, or HTTP headers) to a system shell.
In this case, an attacker with high privileges (authenticated access) can inject malicious commands that the router executes with root-level permissions.
| CVE ID | Component / Module | CVSS v4.0 Score |
|---|---|---|
| CVE-2026-0630 | Web Modules | 8.5 |
| CVE-2026-22222 | Web Modules | 8.5 |
| CVE-2026-0631 | VPN Modules | 8.5 |
| CVE-2026-22221 | VPN Modules | 8.5 |
| CVE-2026-22223 | VPN Modules | 8.5 |
| CVE-2026-22224 | Cloud Communication Modules | 8.5 |
| CVE-2026-22225 | VPN Connection Service | 8.5 |
| CVE-2026-22226 | VPN Server Config Module | 8.5 |
| CVE-2026-22227 | Config Backup Restoration | 8.5 |
| CVE-2026-22229 | Import of Crafted Config File | 8.6 |
While the attack complexity is low (AC:L), exploitation does require the attacker to have high privileges (PR:H).
However, if an attacker has already compromised a weak admin password or hijacked a session, they can use these exploits to escalate from simple management access to complete control of the underlying operating system.
The table above lists the specific CVEs assigned to these flaws. Note that while they share similar impacts, they represent distinct code paths.
Successful exploitation allows an attacker to manipulate the router’s configuration, intercept network traffic, disrupt services, or use the device as a pivot point to attack other devices on the network.
TP-Link has released a patched firmware version to mitigate these threats. Network administrators and users are strongly advised to update their devices immediately.
Users can download the latest firmware directly from the official TP-Link support pages for their respective regions (US, EN, or SG). Failure to apply these updates leaves the network infrastructure exposed to potential compromise.
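For administrators tracking several devices, the following added example (not TP-Link's code or tooling) triages an inventory against the fixed release named above. The inventory rows, hostnames, the "Other-Model" entry and the assumption that releases order by version, then build date, then rel number are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Fixed release as named in the advisory text.
FIXED = "1.2.4 Build 20251218 rel.70420"

# Assumed layout: "<major>.<minor>.<patch> Build <YYYYMMDD> rel.<number>"
FW_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s+Build\s+(\d{8})\s+rel\.(\d+)\s*$", re.I)

class Firmware(NamedTuple):
    version: tuple  # (major, minor, patch)
    build: int      # build date as YYYYMMDD
    rel: int

def parse_firmware(text: str) -> Optional[Firmware]:
    """Parse a firmware string; return None when it does not match the layout."""
    m = FW_RE.match(text or "")
    if m is None:
        return None
    major, minor, patch, build, rel = (int(g) for g in m.groups())
    return Firmware((major, minor, patch), build, rel)

FIXED_PARSED = parse_firmware(FIXED)

def assess(model: str, hw: str, fw: str) -> str:
    """Classify one device as out-of-scope, unknown, vulnerable or patched."""
    if model.strip().lower() != "archer be230" or hw.strip().lower() != "v1.2":
        return "out-of-scope"  # the advisory text covers only Archer BE230 v1.2
    parsed = parse_firmware(fw)
    if parsed is None:
        return "unknown"       # never treat an unreadable version as patched
    # Assumption: releases order by version, then build date, then rel number.
    return "vulnerable" if parsed < FIXED_PARSED else "patched"

# Constructed inventory rows: (hostname, model, hardware version, firmware string)
INVENTORY = [
    ("rtr-lobby", "Archer BE230", "v1.2", "1.2.3 Build 20250901 rel.11111"),
    ("rtr-lab", "Archer BE230", "v1.2", "1.2.4 Build 20251218 rel.70420"),
    ("rtr-store", "Archer BE230", "v1.2", "unavailable"),
    ("rtr-annex", "Other-Model", "v1.0", "1.0.0 Build 20240101 rel.10000"),
]

def triage(inventory):
    """Map each hostname to its assessment."""
    return {host: assess(model, hw, fw) for host, model, hw, fw in inventory}
```

Devices reported as "unknown" should be checked by hand rather than assumed to be patched.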
The post Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device appeared first on Cyber Security News.


